Red Delta

Threat Actor updated 25 days ago (2024-10-02T17:00:56.234Z)
Red Delta, also known as TA416, Stately Taurus, Bronze President, Camaro Dragon, Earth Preta, and Luminous Moth, is a threat actor that has been involved in multiple malicious cyber campaigns. In August 2020 and November 2021, this group targeted European diplomatic entities using techniques such as impersonating an external diplomatic organization via SMTP2Go to communicate with the end targets. The cybersecurity industry has identified a significant overlap between the operations of TA416 and Red Delta, leading to the conclusion that they may be the same entity.

In one of its notable historical campaigns, Red Delta delivered a Dropbox URL that led to a variant of PlugX malware, an approach consistent with Recorded Future's analysis of Red Delta's modus operandi. PlugX, often used in advanced persistent threat (APT) attacks, is known for its stealthy nature and robust capabilities. Proofpoint researchers have expressed high confidence that the operator behind the recent PlugX malware campaigns is the same as the one previously identified in 2020 as part of Recorded Future's Red Delta campaign.

Additionally, Cyble tracks this threat actor as Stately Taurus, and it has been linked to cyber activities in regions beyond Europe, including the deployment of Mustang Panda in the Philippines amidst military buildup. The range of names and the geographical reach underscore the global threat posed by this actor.
Description last updated: 2024-10-02T16:16:01.354Z
Aliases: We are not currently tracking any aliases